General
-
Target
real_real.exe
-
Size
29KB
-
Sample
240410-1venlsff2y
-
MD5
0b9b0386b6cab83fe5a4c04c0b65c403
-
SHA1
0be6dbb134443d33fa2ac5c9c6bb2647a1926cbc
-
SHA256
b8d72c16abd24a1e51bb0eeacc7c457ebccd5e1fa57d2d642a526ee2d1e541bd
-
SHA512
3bb96063f5bfc0c36ff348ce48042de65e2558100c5d57656aa046582442fc7adacc38aab31b575d896fa489a3bdebc30d70bfff61b715a8f0104ef6d865c313
-
SSDEEP
768:CMLDLEGXaAi8MM9cmtqTbUq92pfAIxsXo:vUS9cIq92pI3o
Static task
static1
Behavioral task
behavioral1
Sample
real_real.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
real_real.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
discordrat
-
discord_token
MTAyNDExMzEzMzMwNTk5MTE2OA.GRPbrF.Fde2e_XHB9OlfMsG_9USDaiquej3NROWumdFSc
-
server_id
1075172166271782923
Targets
-
-
Target
real_real.exe
Score
10/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-